GDPR – What do small businesses need to do?

There’s been a lot of talk in the press recently about GDPR and how it is going to drastically alter the way that many businesses function. This is certainly true in that the changes are designed to shore up the major security issues currently surrounding data storage. This new General Data Protection Regulation is filtering through from EU law and is due to come into effect on 25th May 2018. So, if you’re not yet up to speed, it’s time to familiarise yourself and make the necessary changes.

What changes will your business need to make?

GDPR can be slightly confusing, and it is hard to work out what applies to you and what you are not already doing. Below are six actionable steps that you can start to put in place today. Be aware that they apply to businesses of all sizes and across all industries within the UK.

1. Start documenting

The idea behind GDPR is to increase awareness amongst businesses and individuals as to what information they hold and what they are doing with it. You should go through and document what data you hold for all customers, as well as how you obtained it and what you are doing with it. If you are sharing that data with other companies, then under GDPR you must fully update them about any changes or inaccuracies in that data. Implementing these documentation systems will help you better control the flow of any data you hold.

2. Being honest with your customers

Under the new GDPR you need to be fully transparent with customers about how you are collecting their data and what purposes it will be used for. Much of this information is usually included in a “Privacy Notice”, and you should update this accordingly. Be sure to make all customers aware of how long you will be holding their data as well.

3. The right to be forgotten

The rights that individuals hold over their data are being extended, notably with regard to deletion of anything you hold. Customers can exercise their right to be forgotten whenever they wish, so you should have systems in place for people to communicate their requests to you effectively and for your company to properly erase anything you hold about them.

4. Bring your team up to speed

You will need to be sure that everyone in your company is fully aware of all of these upcoming changes and is able to comply with what they mean on a daily basis. Any failure on their part to properly handle data can be seen as a failure of the business as a whole, and this is something you should act on now to avoid incurring penalties.

5. Offering consent

As a part of the increased transparency of collecting data, you need to be more upfront with customers. This means removing all auto opt-in buttons on sign up forms, and instead seeking the express permission to retrieve and hold customer data. Be aware that consent cannot be based on someone’s inactivity or silence, and instead must be unambiguous and certain.

6. Thinking about children

Anyone under the age of 16 must have the express permission of their parent or guardian for them to share their personal data. These measures are to better protect children online, especially with regards to social media. Be sure to have measures in place to verify the age of anyone consenting to share their information.

How will GDPR be monitored?

The Information Commissioner’s Office (ICO) is having its powers extended as a part of GDPR. They are the body responsible for overseeing the effective implementation of GDPR and to ensure that no breaches occur. Here are some more things to be aware of.

– The possible fines for breaking Data Protection Regulation are being extended to a maximum of £17 million, or 4% of global company revenue.
– You will be subject to randomised impact assessments to ensure your systems are secure enough to protect against hacking or data security breaches.
– If you are hacked, you will have 48 hours to notify the ICO, and 72 hours to notify anyone who is placed at immediate risk as a result of their data being compromised.
– It is recommended, and in some cases obligatory, that you appoint a Data Protection Officer. Their job should be to ensure you are complying with all regulations and to test and check your systems. This is necessary if you handle a lot of customer data or if you are a public authority.
